Hi Everyone,
I have an issue with my website login and registration. On localhost using xampp, my code is working perfectly but on online server I'm getting these errors "PHP Notice: Undefined index: **** in ... " for both username and password.
I've tried so many solutions but none is working.
Here is my code. Please help.
Login.php page code
`
<?php
include '../../includes/conn.php';
include '../../includes/functions.php';
include '../../includes/navbar.php';
?>
<div class="register login">
<div class="container">
<div class="row">
<div class="col-lg-4"></div>
<div class="col-lg-4">
<form action="verify.php" method="post">
<div class="reg-holder log-in">
<div class="form-group">
<p class="title">Login to proceed</p>
</div>
<div>
<?php include '../../includes/alert-message.php'; ?>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-user"></i></span>
<input type="text" class="form-control" name="Username" id="Username" placeholder="Username" required>
</div>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"> <i class="fa fa-lock"></i> </span>
<input type="password" class="form-control" name="Password" placeholder="Password" required>
</div>
</div>
<div class="sign-up">
<button type="submit" class="btn btn-primary pull-right"><i class="fa fa-sign-in"></i>&nbsp;Login</button>
</div>
<div class="form-group login-footer">
<a href="register.php">Don't have an account? Sign-up</a>
<br>
<a href="home.php"> <i class="fa fa-home"></i> Home </a>
</div>
</div>
</div> <!-- End Reg-holder -->
</form>
<div class="col-lg-4"></div>
</div> <!-- End Row -->
</div> <!-- End Container -->
</div> <!-- End Register -->

<?php include '../../includes/footer.php'; ?>
`
and verify.php page

`
<?php
include '../../includes/functions.php';
include '../../includes/conn.php';

$username = $conn->real_escape_string($_POST['Username']);

$password = $conn->real_escape_string($_POST['Password']);

$sql = "SELECT * FROM users WHERE username='$username'";
$query = mysqli_query($conn, $sql);

if ($query->num_rows==1) {
    if ($login = mysqli_fetch_array($query)) {
        if (password_verify($password, $login['password'])) {
            $_SESSION['id'] = $login['id'];
            $_SESSION['user'] = $login['username'];
            if ($login['type']==0) {
                $_SESSION['SuccessMessage'] = "Hey  {$_SESSION['user']} :)";
                redirect_to("home.php");
            } elseif ($login['type']==1) {
                $_SESSION['SuccessMessage'] = "Welcome {$_SESSION['user']}";
                redirect_to("../../admin/home.php");
            }
        } else {
            $_SESSION['ErrorMessage'] = "Invalid username/password";
            redirect_to("login.php");
        }
    }
} else {
    $_SESSION['ErrorMessage'] = "Something went wrong. Try again!";
    redirect_to("login.php");
}

One of the solutions I've tried is to use isset to check both username name and password but still nothing is working.
With isset method my code looked like this:
<?php
include '../../includes/functions.php';
include '../../includes/conn.php';


if (isset($_POST['Username']) && isset($_POST['Password'])) {

$username = $conn->real_escape_string($_POST['Username']);

$password = $conn->real_escape_string($_POST['Password']);

}
    $sql = "SELECT * FROM users WHERE username='$username'";
$query = mysqli_query($conn, $sql);

if ($query->num_rows==1) {
    if ($login = mysqli_fetch_array($query)) {
        if (password_verify($password, $login['password'])) {
            $_SESSION['id'] = $login['id'];
            $_SESSION['user'] = $login['username'];
            if ($login['type']==0) {
                $_SESSION['SuccessMessage'] = "Hey  {$_SESSION['user']} :)";
                redirect_to("home.php");
            } elseif ($login['type']==1) {
                $_SESSION['SuccessMessage'] = "Welcome {$_SESSION['user']}";
                redirect_to("../../admin/home.php");
            }
        } else {
            $_SESSION['ErrorMessage'] = "Invalid username/password";
            redirect_to("login.php");
        }
    }
} else {
    $_SESSION['ErrorMessage'] = "Something went wrong. Try again!";
    redirect_to("login.php");
}

`
Which works perfectly on localhost but not on online server for my website.
Kindly help.

    Most likely, your session_start() is failing (there would be a php error, if the php error settings are set up to either display or log all error), and all the redirecting around on the site is unintentionally returning to the verify.php page. You are probably seeing the result of a get request for that page.

    1. Make sure that php's error_reporting is set to E_ALL and either set display_errors to ON or set log_errors to ON, to either display or log all php errors. Also, if php's output_buffering is set to a value, any non-fatal php errors will get discarded upon a redirect, so set output_buffering to OFF too.
    2. Your form processing code should be on the same page as the form. This will eliminate a lot of the code.
    3. The only redirect you should have in the post method form processing code is a redirect to the exact same url of the current page upon successful completion of the form processing code.
    4. Your form processing code should detect if a post method form was submitted before referencing any of the form data. It should then trim and validate all inputs, storing validation errors in an array. If there are no validation errors, then use the submitted form data.
    5. I hope your redirect_to() function contains an exit/die statement to stop code execution. If it doesn't, this could be one reason for the unexplained operation, as there could be code following a redirect that's altering session variables.
    6. You should be using a prepared query to supply external data to an sql query when it gets executed. And since you are not supply the password value to any sql query, why are you applying the _escape_string() function to it? This is altering the value, which will mean that a password containing any sql special characters may not match what was originally entered in the registration process.
    7. The only user related value you store in a session variable upon successful login should be the user id. You should query on each page request to get any other user information so that any change/edit in that information will always be current.

    pbismad Thank you a lot. I will implement and readjust my code as proposed above. I will reply here once I get the results

        4 months later
        Write a Reply...